Adds LDAP auth engine #45
Conversation
vasyl-purchel
force-pushed
the
master
branch
from
477e34a to
d7aa3c7
Compare
vasyl-purchel
force-pushed
the
master
branch
from
d7aa3c7 to
79dcaaa
Compare
|
Thanks for the PR! So which tests are failing? |
|
LDAP tests - currently it's commented out inside the login method (to check that return is OK result) |
|
I've pushed a commit to uncomment the test so that you can see how it fails. Hope you can help with getting it fixed :) |
|
Thanks! I have limited bandwidth at the moment, but I'll see if I can take a deeper look later today or early this week. If we can't get it figured out, we can just mark tests as TODO and merge. |
|
Cool thanks, I'll also continue looking into fixing it, there is no rush in merging it so I'd prefer tests fixed first. :) |
| @@ -30,7 +30,7 @@ use self::sys::responses::WrappingLookupResponse; | |||
| /// are automatically logged accordingly. | |||
| #[derive(Deserialize, Debug)] | |||
| pub struct EndpointResult<T> { | |||
| pub data: Option<T>, | |||
| pub data: Option<EitherData<T>>, | |||
There was a problem hiding this comment.
Also worth pointing out explicitly why this was changed:
as it seems that for currently implemented auth methods there is no "data" field returned for login api but for ldap/login it returns "data": {} for some reason and that breaks normal deserialisation. This "either data" structure ensures that if unexpectedly data field was returned it still can parse json object.
|
any updates on why this isn't merged? Would be nice to have. |
| pub username_as_alias: Option<bool>, | ||
| pub token_ttl: Option<String>, |
There was a problem hiding this comment.
According to the documentation Vault add some parameters to the auth method.
| pub username_as_alias: Option<bool>, | |
| pub token_ttl: Option<String>, | |
| pub username_as_alias: Option<bool>, | |
| pub dereference_aliases: Option<String>, | |
| pub max_page_size: Option<u32>, | |
| pub use_token_groups: Option<bool>, | |
| pub token_ttl: Option<String>, |
| /// ## Read LDAP Group | ||
| /// Reads the policies associated with a LDAP group. | ||
| /// | ||
| /// * Path: /auth/{self.mount}/groups/{self.groupname} | ||
| /// * Method: GET | ||
| /// * Response: [ReadLDAPGroupResponse] | ||
| /// * Reference: https://www.vaultproject.io/api-docs/auth/ldap#read-ldap-group | ||
| #[derive(Builder, Debug, Default, Endpoint)] | ||
| #[endpoint( | ||
| path = "/auth/{self.mount}/groups/{self.groupname}", | ||
| response = "ReadLDAPGroupResponse", | ||
| builder = "true" | ||
| )] | ||
| #[builder(setter(into, strip_option), default)] | ||
| pub struct ReadLDAPGroupRequest { | ||
| #[endpoint(skip)] | ||
| pub mount: String, | ||
| #[endpoint(skip)] | ||
| pub groupname: String, | ||
| } |
There was a problem hiding this comment.
According to the official documentation we should change it from groupname to name.
| /// ## Read LDAP Group | |
| /// Reads the policies associated with a LDAP group. | |
| /// | |
| /// * Path: /auth/{self.mount}/groups/{self.groupname} | |
| /// * Method: GET | |
| /// * Response: [ReadLDAPGroupResponse] | |
| /// * Reference: https://www.vaultproject.io/api-docs/auth/ldap#read-ldap-group | |
| #[derive(Builder, Debug, Default, Endpoint)] | |
| #[endpoint( | |
| path = "/auth/{self.mount}/groups/{self.groupname}", | |
| response = "ReadLDAPGroupResponse", | |
| builder = "true" | |
| )] | |
| #[builder(setter(into, strip_option), default)] | |
| pub struct ReadLDAPGroupRequest { | |
| #[endpoint(skip)] | |
| pub mount: String, | |
| #[endpoint(skip)] | |
| pub groupname: String, | |
| } | |
| /// ## Read LDAP Group | |
| /// Reads the policies associated with a LDAP group. | |
| /// | |
| /// * Path: /auth/{self.mount}/groups/{self.name} | |
| /// * Method: GET | |
| /// * Response: [ReadLDAPGroupResponse] | |
| /// * Reference: https://www.vaultproject.io/api-docs/auth/ldap#read-ldap-group | |
| #[derive(Builder, Debug, Default, Endpoint)] | |
| #[endpoint( | |
| path = "/auth/{self.mount}/groups/{self.name}", | |
| response = "ReadLDAPGroupResponse", | |
| builder = "true" | |
| )] | |
| #[builder(setter(into, strip_option), default)] | |
| pub struct ReadLDAPGroupRequest { | |
| #[endpoint(skip)] | |
| pub mount: String, | |
| #[endpoint(skip)] | |
| pub name: String, | |
| } |
| /// ## Create/Update LDAP Group | ||
| /// Creates or updates LDAP group policies. | ||
| /// | ||
| /// * Path: /auth/{self.mount}/users/{self.groupname} |
There was a problem hiding this comment.
| /// * Path: /auth/{self.mount}/users/{self.groupname} | |
| /// * Path: /auth/{self.mount}/users/{self.name} |
| /// * Reference: https://www.vaultproject.io/api-docs/auth/ldap#create-update-ldap-group | ||
| #[derive(Builder, Debug, Default, Endpoint)] | ||
| #[endpoint( | ||
| path = "/auth/{self.mount}/groups/{self.groupname}", |
There was a problem hiding this comment.
| path = "/auth/{self.mount}/groups/{self.groupname}", | |
| path = "/auth/{self.mount}/groups/{self.name}", |
| #[endpoint(skip)] | ||
| pub mount: String, | ||
| #[endpoint(skip)] | ||
| pub groupname: String, |
There was a problem hiding this comment.
| pub groupname: String, | |
| pub name: String, |
| api::exec_with_result(client, endpoint).await | ||
| } | ||
|
|
||
| /// Crates or updates a new user. |
There was a problem hiding this comment.
| /// Crates or updates a new user. | |
| /// Crates or updates a new group. |
| .groupname(groupname) | ||
| .policies(policies) |
There was a problem hiding this comment.
| .groupname(groupname) | |
| .policies(policies) | |
| .name(name) |
| groupname: &str, | ||
| policies: &str, |
There was a problem hiding this comment.
The Policies should also be optional and are included in opts.
| groupname: &str, | |
| policies: &str, | |
| name: &str, |
| policies: &str, | ||
| groups: &str, |
There was a problem hiding this comment.
policies and groups should also be optional.
| policies: &str, | |
| groups: &str, |
| .policies(policies) | ||
| .groups(groups) |
There was a problem hiding this comment.
| .policies(policies) | |
| .groups(groups) |
|
hi, sorry, currently busy with other things, I'll try to take a look at fixing the comments later |
Adds new auth engine: LDAP.
Also attempt at adding a test for said engine but while manual test seems to work just fine (example added in a comment) but automated test fails to bind as a user (probably missing some knowledge on how docker_servertest localstack works)